Snort mailing list archives

Re: Acidbase frontend does not show IPv6 alerts?


From: Marcelo Garcia <marcelo () lcs poli usp br>
Date: Wed, 15 Oct 2014 08:24:26 -0300

Thank you Jeremy for the explanation.
I hope this issue can be fixed very soon.
Regards.

On 14-10-2014 14:14, Jeremy Hoel wrote:
The issue is in the database that ACID (and all the other tools) use. 
Barnyard2 doesn't pass that onto the database (since there's nowhere to
put it) so it will never show up.

I'm not aware of any snort frontend that does ipv6 yet.  We look for our
ipv6 alerts in our SIEM, but it's very limited. 

On Mon, Oct 13, 2014 at 6:37 PM, Marcelo Garcia <marcelo () lcs poli usp br
<mailto:marcelo () lcs poli usp br>> wrote:

    Hello!

    I have native IPv4+IPv6 dualstack networks monitored with Snort
    2.9.6.2, Barnyard 2.1.13 and AcidBase 1.4.5-2.

    Unfortunately, I cannot see IPv6 entries in BASE web interface.

    If I run Snort in console mode, I can see many alerts in IPv6. I can
    see also the mysql database growing due to IPv6 alerts generated by
    Snort.

    What am I missing? Is there IPv6 support in Acidbase? Is there any
    configuration option or a patch I must apply? If not, which frontend
    could be an alternative to Acidbase?

    Thanks for any help!


    _______________________________________________
    Snort-users mailing list
    Snort-users () lists sourceforge net
    <mailto:Snort-users () lists sourceforge net>
    Go to this URL to change user options or unsubscribe:
    https://lists.sourceforge.net/lists/listinfo/snort-users
    Snort-users list archive:
    http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

    Please visit http://blog.snort.org to stay current on all the latest
    Snort news!


